The personal blog of Peter Lee a.k.a. "China Hand"... Life is a comedy to those who think, a tragedy to those who feel, and an open book to those who read. You are welcome to contact China Matters at the address chinamatters --a-- prlee.org or follow me on twitter @chinahand.

Wednesday, January 27, 2010

In the article I speculate that Google might have hoped to leverage international outrage over Chinese hacking in order to get better treatment from the PRC (more aggressive pursuit of hackers and reduced filtering for its Google.cn search engine in order to put it on a better competitive footing vis a vis archrival Baidu).

However, as the issue became an international human rights/open society/US government cause celebre, Google may have gotten more than it bargained for.

A few interesting data points that I didn’t cover in the article:

1. The main hack—sometimes known as the Aurora exploit or Trojan.hydraq—exploited a vulnerability in Microsoft’s Internet Explorer that enabled the command-and-control server to inject a shell and run its application on the target computer unmolested after the victim opened the trick e-mail attachment that directed his computer to the hacker’s URL.

2. According to the UK’s Register, an Israeli computer security firm, BugSec, reported the vulnerability to Microsoft on August 26, 2009. Microsoft had planned to grunt out a patch in February 2010, but the worldwide kafuffle compelled it to rush an “out of band” patch to users on January 21.

3. Symantec’s Security Response Blog took an attitude of “meh” to the Google incident, implying that the only thing new about this intrusion was Google’s decision to go apesh*t about it:

The story of the attacks went public following the announcement from Google, with news media organizations worldwide choosing to place the story prominently on the front pages of numerous Web sites and printed publications. Far from being confined to security-related mailing lists and blogs, the story became part of the week’s headlines with its news of potentially politically motivated “information warfare” in conjunction with the possibility of significant change ahead for one of the world’s most prominent companies.…The Trojan.Hydraq incident was no different and was almost textbook in its execution of a targeted attack. While there is much talk of the most recent incident, we observed a Trojan.Hydraq based attack in July 2009. …

Trojan.Hydraq itself is very much a standard backdoor Trojan. Considering the efforts that the attackers put into staging the attack as a whole, the end malware is not so sophisticated. It doesn't use any anti-debugging or anti-analysis tricks. It just uses some basic obfuscation in the form of spaghetti code on some of its components.

4. The Aurora exploit seems to have been a big hack. If what’s leaking out of Google is accurate, perhaps 30 Silicon Valley companies were targeted. But to me it’s open to question whether the scale of the hack was an escalation of Chinese attacks, or merely an opportunistic, organized attempt to exploit the “day zero” IE vulnerability with a simultaneous, multi-enterprise attack, knowing that the flaw would get patched soon after the assault occurred. China’s interest in industrial espionage, conducted directly and through hacker cutouts, is undeniable and the Aurora incident was perhaps just business as usual.

5. There have not been a lot of full-throated support of Google by the high-tech community. On the other hand, Bill Gates pooh-poohed the intrusion on Good Morning, America and John Chambers of Cisco seemed less than impressed. Maybe all they care about is shoveling Beijing’s bloody coin into their pockets but maybe the hack wasn’t all that remarkable.

6. Microsoft is, of course, the main target of Chinese hacks. In contrast to Google’s chest-thumping, Microsoft goes for low key engagement with Chinese entities. Its efforts are chronicled in a very interesting blog called “Dark Visitor” (English translation of the characters for “hacker” – 黑客. The Chinese government obliged Microsoft (while eliciting squeals from the Chinese high tech community) in August 2009 by arresting one Hong Lei, the author of Tomato Garden, the pirated version of Windows XP retailing for about US$ 0.70 that enjoys sizable market share inside the PRC. Also in August 2009, Microsoft participated in a conference of Chinese “security researchers” a.k.a. hackers, apparently hoping to bring hackers over from the dark side with the lure of financial incentives. In the case of the Aurora exploit, however, Microsoft apparently didn’t receive a useful heads-up from its Chinese friends.

7. I’m wondering if Google went public in the hope that aroused Chinese netizens and the international IT community would flock to its support and force a climbdown by the Chinese government on Google.cn results filtering, as Beijing was forced to do last summer in the case of the “Green Dam Youth Escort”, a porn and violence filtering software it tried to mandate for installation on all PCs. Difference is, Green Dam was apparently a poorly conceived, easily circumvented kludge that, allegedly, relied on 3000 lines of stolen code from Cybersitter (the Chinese creator is now looking at a US$2.2 billion lawsuit). When the Green Dam mandate was announced in June 2009, Chinese media watcher Imagethief did a good, snarky takedown on this doomed effort to deprive Chinese netizens of their porn privileges.

8. Presumably anybody in China who cares about open Internet access is getting their daily dose of porn, Tibetan nationalism, and whatever through one of the many Great Firewall workarounds promoted by the open society crowd. Green Dam would have endangered these users at their PCs—not only blocking images but, presumably firing off messages to the mothership about what was getting blocked. Loosening the filtering restrictions on Google.cn, on the other hand, could never substitute for untrammeled access to the global Internet through a proxy. So I don’t think Google, whose Google.cn is solidly in second place behind Baidu in China’s in-country search engine business, is tapping into a lot of pent-up demand for a slightly liberalized but still porn-free local search engine.

9. After Google’s threat to stop filtering its search engine results became front-page news around the world, the Chinese government is probably not in the mood to do Google lots of favors. There is brave talk about how China needs Google but the Chinese government may not see it that way. Current reports indicate that Google is negotiating to retain its R&D center inside China and I would expect that’s just a way for Google to keep its mangled foot in the door until some major regime liberalization occurs in the currently unforeseeable future.

Update: According to an insider account in the Jan. 14 Wall Street Journal, Google co-founder Sergey Brin, who came from the Soviet Union, put his anti-totalitarian foot down and ordered the public pushback against China over the objections of CEO Eric Schmidt.

Monday, January 11, 2010

The black man with the heavy-lidded, smoldering glare, the mouth set in sullen defiance, the badass watchcap, the hatred for America's decadent capitalist values...

Hey, wait a minute, that's Tiger Woods!

Of course, that's Tiger Woods on the right, courtesy of the current issue of Vanity Fair.

On the left is alleged underwear bomber Umar Farouk Abdulmutallab, in a photo that Newsweek used on the cover of its January 11 issue (the China Matters media strategy precludes shelling out $5.95 for Newsweek, so I found and cropped the relevant picture of Abdulmutallab pretty much as it appeared on the cover. More about that later.)

On an expedition to my local supermarket I was confronted by these two strikingly similar images and was reminded that an important function of illustrations is to help shoehorn readers' perceptions into preconceived narratives.

The most recent images available of Abdulmutallab don't do a good enough job of conveying implacable jihadist menace.

The photograph released by the U.S. Marshal's Service after his detention is a compositionally striking and flattering photo of a glum but passive, well-groomed, and not particularly threatening-looking young man in a snow-white T-shirt that looks like it came out of an ad for fabric softener.

On the other hand, Newsweek could not be expected to use the other current picture that was available:

This smiling, relaxed image of Abdulmutallab, together with a graphic representing the plane he planned to blow up, was provided by a jihadist website as part of the martyr media package used to glorify, motivate (and recruit) perpetrators of suicide attacks.

As for Tiger Woods, the image Vanity Fair used on its current cover was taken by Anne Leibovitz in 2006, well before his current troubles.

Apparently, Leibovitz was trying to show us the great athlete and competitor--the tiger, shall we say-- beneath the pastel knits of the pampered corporate pussycat.

Instead, the picture does a good job of showing that no golfer, not even Tiger Woods, looks good with his shirt off, especially with a lighting scheme dialed to "decaying mackerel". The snaps were shelved until Vanity Fair discovered that the world was thirsting for pictures of Woods looking down and dirty.

Returning to the underwear bomber, the Newsweek cover is rather effective.

The resentful expression, the inner city accoutrement of knit cap and windbreaker, the booking-photo-meets-security-camera-screen-grab photographic values, the heavensent subliminal message of the vertical bars, all combine to create an image--and impression--of a mean, scary outsider.

Interestingly, the picture Newsweek used was taken in 2001, during a class trip to London arranged by the exclusive international school Abdulmutallab attended in Togo.

Here's the uncropped photo, with Abdulmutallab and a schoolmate (whose expression and physique would defeat any attempt to convey whipcord menace) in front of some London landmark. The photo was taken by his history teacher, Mike Rimmer, who provided it to the media.

Abdulmutallab was 14 years old or so at the time.

Using an image of a child to illustrate a story about the crimes of a man is, to me, a questionable journalistic decision.

To be fair, Abdulmutallab was already attracted to a radicalized brand of Islam at the age of 14 and probably did not really enjoy his visit to the Crusader stronghold of London just as the Western world was cooking up the invasion of Afghanistan.

And Tiger Woods was probably already well on his way to destroying his trophy life/trophy wife gilded existence through serial lechery when Anne Leibovitz snapped his portrait.

But it should not be forgotten that pictures often don't tell us anything new; sometimes they merely emphasize something we think we already know.

And sometimes--when images of a (black) terrorist and America's most successful (black) athlete unexpectedly converge--they can tell us something about ourselves, something that maybe we don't want to hear.

P.S. I received some negative feedback concerning this post. To clarify, I feel that any picture showing an unsmiling black male staring at the camera can't illustrate an article about terrorism (Abdulmutallab) or the temptations of fame (Woods) honestly, given America's race-related issues. Instead, the picture is all about using a symbol of American racial fears to juice stories in which race is a virtually non-existent element. And using old images that enable this coding--instead of more recent and relevant photos that are readily available--is doubly reprehensible. CH, 1/13/10